Channel: Directory Services Forum

OCSP Validation not working outside domain

Greetings,

I have the following problem: I installed the CA and OCSP responder roles on a domain controller. I correctly set up the OCSP and tested the whole setup from another computer in the same domain by running certutil -url, which correctly verifies the OCSP. But when I test from a computer that is not a member of the domain (or is a member of another domain), running certutil -url against the same certificate returns the status Unsuccessful! In the Event Viewer on the OCSP server there is no related error. I decided to enable CAPI logging, and I've noticed that the URLs to which the requests are submitted are different on the domain and non-domain computers:

Non-Domain computer URL (not working):
http://win-klevor4nb6d/ocsp/MDcwNTAzMDEwLzAJBgUrDgMCGgUABBRVeOVFjVwlZOczRS7iHMtFTBnP2QQAAgphGbRxAAAAAAAK?Content-Type: application/ocsp-reques

Domain computer URL (working):
http://win-klevor4nb6d/ocsp/MEswSTBHMEUwQzAJBgUrDgMCGgUABBRVeOVFjVwlZOczRS7iHMtFTBnP2QQUGdYz6MukMk5tZCAAUb%2boRbM6rEoCCmEZtHEAAAAAAAo%3d?Content-Type: application/ocsp-request

Pasting the domain URL in IE on the non-domain computer correctly downloads the full response. Using the other URL downloads only the first several bytes of the correct response.

Any help on this is gladly appreciated!
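
To compare the two request URLs from the post field by field, the following added example (not part of the original post) base64-decodes the path of each OCSP GET request and walks the DER down to the RFC 6960 CertID. The function names are illustrative, and the trailing "?Content-Type: ..." text from the CAPI log is left out of the URLs.

```python
import base64
from urllib.parse import unquote, urlsplit

# Request URLs copied from the post, without the "?Content-Type: ..." log suffix.
BASE = "http://win-klevor4nb6d/ocsp/"
NON_DOMAIN_URL = BASE + "MDcwNTAzMDEwLzAJBgUrDgMCGgUABBRVeOVFjVwlZOczRS7iHMtFTBnP2QQAAgphGbRxAAAAAAAK"
DOMAIN_URL = BASE + "MEswSTBHMEUwQzAJBgUrDgMCGgUABBRVeOVFjVwlZOczRS7iHMtFTBnP2QQUGdYz6MukMk5tZCAAUb%2boRbM6rEoCCmEZtHEAAAAAAAo%3d"

def read_tlv(buf, pos):
    """Read one DER element at pos; return (tag, value, next_pos)."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long-form length: low 7 bits give the byte count
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def children(value):
    """Split the content of a constructed element into (tag, value) pairs."""
    out, pos = [], 0
    while pos < len(value):
        tag, val, pos = read_tlv(value, pos)
        out.append((tag, val))
    return out

def cert_id_from_url(url):
    """Return the CertID fields of the first request in an OCSP GET URL."""
    # Split on "/" before unquoting so a percent-encoded "/" stays in the base64.
    b64 = unquote(urlsplit(url).path.rsplit("/", 1)[1])
    der = base64.b64decode(b64 + "=" * (-len(b64) % 4))
    _, ocsp_request, _ = read_tlv(der, 0)
    tbs_request = children(ocsp_request)[0][1]
    # Skip optional [0] version and [1] requestorName; requestList is the SEQUENCE.
    request_list = next(v for t, v in children(tbs_request) if t == 0x30)
    request = children(request_list)[0][1]
    cert_id = children(request)[0][1]
    _alg, name_hash, key_hash, serial = (v for _, v in children(cert_id))
    return {"issuerNameHash": name_hash.hex(),
            "issuerKeyHash": key_hash.hex(),
            "serialNumber": serial.hex()}

if __name__ == "__main__":
    for label, url in (("non-domain", NON_DOMAIN_URL), ("domain", DOMAIN_URL)):
        print(label, cert_id_from_url(url))
```

For the two URLs quoted in the post, the non-domain request decodes with a zero-length issuerKeyHash, while the domain request carries a 20-byte one; issuerNameHash and serialNumber are identical in both.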
